Nortel 2050 Installation Manual page 11

Chapter 1: Before you begin
Figure 3 In the DMZ
On the internal network
Although the sample network includes a firewall configured to provide security to
the servers and workstations on the internal network, 3D Sensors on this segment
can monitor traffic that is allowed inbound by the firewall by choice or due to
firewall misconfiguration. For example, if you have a security policy that prohibits
FTP connections to any host on the internal network, you can create a rule on the
3D Sensor that will trigger when it detects traffic directed to port 21 on any IP
address in the segment. A 3D Sensor on this segment can also detect attacks that
originate from hosts on the internal network. For instance, attaching one 3D
Sensor to a mirror or span port on a switch helps you identify attacks from one
computer on the internal network directed against other computers on the internal
network if the attack traffic traverses the switch.
Similarly, if a host on your network is compromised from within, RNA can
immediately identify both unauthorized changes on hosts. For example, a
Microsoft shop can use RNA to identify in real time a rogue Linux or Free BSD
system that mysteriously appears on their network segment. RNA on a switched
network segment can monitor all the hosts and services on the segment for
changes and vulnerabilities. For example, attaching an 3D Sensor to a mirror or
SPAN port on the switch allows you to monitor the entire network segment, as
long as all traffic to and from all hosts on the segment traverses the switch.
N TPS 3D S D C I G R 4.7.0 11
ORTEL ENSOR AND EFENSE ENTER NSTALLATION UIDE ELEASE PAGE